|Publication number||US7913097 B2|
|Application number||US 12/405,317|
|Publication date||Mar 22, 2011|
|Filing date||Mar 17, 2009|
|Priority date||Apr 22, 2003|
|Also published as||CN1540595A, CN100336082C, US7523320, US20040255141, US20090182640|
|Publication number||12405317, 405317, US 7913097 B2, US 7913097B2, US-B2-7913097, US7913097 B2, US7913097B2|
|Inventors||Leonard B. Hodder, William Gugg|
|Original Assignee||Seiko Epson Corporation|
|Export Citation||BiBTeX, EndNote, RefMan|
|Patent Citations (36), Referenced by (5), Classifications (32), Legal Events (1)|
|External Links: USPTO, USPTO Assignment, Espacenet|
This application is a divisional of U.S. patent application Ser. No. 10/420,416 filed Apr. 22, 2003, now U.S. Pat. No. 7,523,320, issued Apr. 21, 2009, the contents of which are incorporated herein by reference.
The present invention relates in general to point-of-sale (“POS”) systems and more specifically to a point-of-sale fiscal data recorder for storing tax data associated with purchase transactions on behalf of a taxing authority.
In almost every country, merchants are required to collect tax on behalf of the governing taxing authority when a purchase transaction is completed with a purchaser. To facilitate the determination of the amounts of purchase transactions and the appropriate amount of tax to be collected, POS systems are used by most merchants. Typical POS systems include fiscal printers that print customer receipts and control receipts showing the amount of taxes collected by the merchant on behalf of the taxing authority. Periodically, merchants are required to submit these receipts to the taxing authority, with payments commensurate with the amount of tax collected.
Taxing authorities have in the past experienced difficulties with this paper-based method because, in many instances, merchants fail to submit the complete set of control receipts for a period.
To deal with the inefficiencies associated with the above-described tax collection method, electronic collection of fiscal data has been proposed. In POS systems that print electronic fiscal data collection, a controller having a fiscal memory module to store fiscal data is connected between the host terminal and the printer. When a purchase transaction is completed, the fiscal data is stored in a fiscal memory module obviating the need to generate paper receipts.
For example, U.S. Pat. No. 5,644,724 to Cretzler is directed to a point-of-sale tax collection system and method for automatically submitting taxes from a merchant site to a taxing authority. A merchant computer, electronically identifiable by a unique tax identification number, automatically stores the tax amount accrued during a customer transaction. A computer at the merchant's bank periodically accesses the merchant computer and transfers the accumulated tax amount to the tax authority's bank.
U.S. Pat. No. 5,774,872 to Golden et al. is directed to an automated taxable transaction reporting system. A number of merchant point-of-sale terminals are networked to a data collection subsystem, which is in turn, connected to a central computer. The central computer accepts inputs from multiple data collection subsystems and generates transaction tax reports for submission to the taxing authority.
U.S. Pat. No. 5,799,283 to Francisco et al. is directed to a point-of-sale tax reporting and automatic collection system. A “smart” tax register, located at the retailer, calculates the sales tax due during a transaction and then immediately forwards the transaction and sales data to a remote computer operated by a local taxing authority. Information from each local taxing authority is periodically compiled and collected by the national taxing authority for use in collection reporting.
U.S. Pat. No. 6,199,049 to Conde et al. is directed to a point-of-sale device for maintaining a secure electronic journal. Transaction data from a point-of-sale terminal is stored in non-volatile RAM and an encrypted digital signature is generated based on transaction data. The transaction data and corresponding digital signature are transferred to a separate journal memory for permanent storage. A taxing authority may audit the transaction data.
U.S. Pat. No. 6,360,208 to Ohanian et al. is directed to an automatic tax collection apparatus and method. A machine-readable code is applied to a saleable item and then associated in a central database with information regarding the item manufacturer and tax payment information for the item. Tax payment may be tracked by first applying the code to the saleable item and entering item data corresponding to the code into a database, such as whether tax has been paid on the sale of the item. The data may be verified by having a machine read the code and collect information regarding the tax payment.
Although these electronic fiscal data collection systems have proven to be better at providing more accurate tax collection information than the paper receipt systems, problems exist. These electronic fiscal data collection systems are subject to tampering. The software that controls writing of tax data to memory can be altered. This has enabled inaccurate data to be written to memory, memory to be overwritten and tax records to be cancelled. When this occurs, inaccurate tax data is submitted to the taxing authority.
Accordingly, there remains a need to improve the integrity of electronic fiscal data. It is therefore an object of the present invention to provide a novel fiscal data recorder and fiscal memory module for the same.
The present invention provides a fiscal data recorder having a fiscal memory module for storing fiscal data in a secure manner. The fiscal memory module comprises programmable memory and a write-protection circuit in a tamper-proof package. The fiscal memory module is in communication with a main circuit board of the fiscal data recorder via a detachable cable which allows replacement of the fiscal memory module, alternate mounting of the module as required by the tax authorities, and coupling of the fiscal memory module to other devices for security auditing purposes.
To provide electronic security, data writes to the memory are first latched in the write-protection circuit. When a data write to the memory is attempted, the write-protection circuit checks the target area of the memory to ensure that it has not been written to previously. If the target area of the memory is clear, the data is written to the memory at the specified address. If the target area of the memory has been written to previously, the write-protection circuit inhibits the data from being written to the memory and returns an error status to the controlling application.
In accordance with one aspect of the present invention there is provided a fiscal data recorder for storing transaction related data, comprising:
a processing unit receiving transaction related data;
memory communicating with said processing unit for storing transaction related data; and
a protection circuit acting between said processing unit and said memory, said protection circuit inhibiting electronic tampering with said memory.
In accordance with another aspect of the present invention, there is provided a fiscal data recorder for storing transaction related data, comprising:
a main circuit board;
a processing unit mounted on said main circuit board for receiving transaction related data;
removable memory mounted on said main circuit board for storing transaction related data;
a tamper-proof seal acting between said memory and said main circuit board; and
a protection circuit for controlling access to said memory and inhibiting data stored in said memory from being overwritten; and
a tamper-proof seal inhibiting physical access to said memory and said protection circuit.
Because the memory and the write-protection circuit are coupled and sealed within tamper-proof packaging, unauthorized or fraudulent physical and electronic access to the memory is prevented.
A detailed description of the preferred embodiment is set forth in detail below, with reference to the following drawings, in which:
The present invention relates generally to a fiscal data recorder having a fiscal memory module to store fiscal data relating to transactions so that accurate tax data is passed to the taxing authority. The fiscal memory module is designed to inhibit both physical and electronic tampering thereby to ensure the integrity of the tax data. A preferred embodiment of the present invention will now be described with reference to
Turning now to
A fiscal memory module 30 is connected to the CPU 22 and to a fiscal memory program power supply 32 via a memory interface 34. Fiscal memory module 30 includes a Complex Programmable Logic Device (CPLD) write-protection circuit 36 and a 512 KB one-time programmable erasable/programmable read-only memory (“OTP-EPROM”) fiscal data memory 38. Access to the fiscal data memory 38 for reading or writing is only permitted via write-protection circuit 36.
In addition, the CPU 22 also has a connection to a printer interface 40 that supports TTL-level synchronous or asynchronous serial communications via a proprietary Universal Interface Bus or any other suitable bus. Also included are a power-on reset module 42, a power-fail detect module 44, and a voltage regulation and control module 46 coupled to a battery 48. A 128 KB RAM module 50 and a 512 KB EPROM program memory 52 are connected directly to the CPU 22. BIOS firmware is stored on the EPROM program memory 52 for execution by the CPU 22.
Service mode jumper 54 is available for enabling the board to be operated in a service mode, and DIP switches 56 are available for use by the application for option selection. In the present invention, the service mode may be used to download fiscal data to the auditor's fiscal equipment via the fiscal interface 26, but can also allow for other functionality. An externally accessible pushbutton 58 is connected to the CPU 22 and can be used for printing special fiscal reports, as required by the application. Such reports can include detailed transaction information or may summarize fiscal activity.
An optional electronic journal module 60 is shown connected to the CPU 22 via an electronic journal interface 62, such as a socket and pin configuration.
To prevent electronic tampering, the EPROM fiscal data memory 38 is coupled to the write-protection circuit 36. The write-protection circuit 36 is a CPLD, which prevents the memory from being overwritten or tampered with electronically. To this end, the CPLD implements a circuit that prevents any software from overwriting any programmed memory cell. The firmware BIOS of the EPROM program memory 52 provides read/write memory access to the application executing on host device 14 and allows the printer interface 40 to be configured.
Access to the fiscal memory module 30 is restricted and only leads connected to the write-protection circuit 36 are physically accessible, inhibiting physical tampering with the memory module 30 itself. Further, the write-protection circuit 36 acts to protect the fiscal data memory 38 from electronic tampering, requiring a specific protocol to be followed before the fiscal data memory 38 can be written to. The fiscal memory module 30 is separated from the main board 20 by a cable, and may be connected to a specialized fiscal reading device for data reading and inspection by a taxing authority. In a typical application, the fiscal data memory 38 has a unique serial number corresponding to the merchant and is removable by a government inspector so that it may be replaced with new, empty memory.
The electronic journal module 60 provides up to 128 MB of electronic journal storage for use by a merchant in storing the transaction data, augmenting the data stored in the removable fiscal memory module 30. This electronic journaling can be used with printers that do not print double copies of receipts, or by establishments that typically clear their receipts electronically at the end of day/week for inventory and revenue purposes. While the fiscal memory module 30 records the minimum required information for remission of taxes levied at the point of sale, the journal module 60 can record considerably more information for record-keeping purposes. The electronic journal module 60 uses a dedicated microcontroller to handle read and write operations to a compact flash memory module. The journaling memory is populated using separate programming hooks offered by the same BIOS as used for recording fiscal data on the removable fiscal memory module 30, but it has a dedicated microcontroller to handle reading and writing.
The microcontroller of the electronic journal module 60 compresses data relating to each transaction, since the amount of data required to be stored is much larger than that required for the fiscal data recorder. A different compression algorithm is used for different types of information to be stored. For instance, the header record for a transaction is compressed differently than the item record for the transaction.
Desired data writes are comprised of a set of data presented to data latch 64, a data buffer, and an address presented to address latch 66 indicating where the data is to be written. Data comparator circuit 68 captures the data byte read from the point in fiscal data memory 38 corresponding to the latched address during a read cycle. Upon determination of a value of 0xFF (blank), the comparator 68 signals the Vpp enable latch 70 to allow a programming voltage Vpp to be applied to the fiscal data memory 38 via Vpp switch 74. Timing and sequencing logic 72 controls the timing and order of the latching, reading and writing performed by the various components in the write-protection circuit.
The write-protection circuit 36 requires a specific write sequence to be used for writing to a particular block of fiscal data memory 38. If the write sequence is not followed precisely, then the write-protection circuit 36 will inhibit the write sequence from being performed. The operation of the fiscal data recorder 10 will now be described with particular reference to
When a reset, cold boot or warm boot occurs, the removable fiscal memory module 30 is initialized by the CPU 22. Initialization commences with the BIOS confirming that the CPLD write-protection circuit 36 is present by writing the CPLD ID pattern to the write-protection circuit 36, and checking for a valid response. Next, the EPROM voltage setting is checked and the EPROM manufacturer and type are read from the EPROM's electronic signature. Finally, the unused space in the fiscal data memory 38 is determined by finding the last address of memory that is populated. In the present invention, each memory address corresponding to a memory cell is checked, starting with the last and proceeding decrementally, for a meaningful entry. Upon discovery of the last memory address utilized in the fiscal data memory 38, the memory address is reported to the application executing on the host device 14. If the CPLD ID does not respond correctly, or the EPROM electronic signature is incorrect, then an error status is reported by the BIOS to the application. If there is insufficient memory space to record additional transactions, the fiscal application must report this condition to the host system. The host device 14 can then determine the best course of action.
When data is to be written to the fiscal data memory 38, the application executing on the host device 14 directs for a specific byte to be written to a specific address deemed to be available by the application, which maintains memory allocation information regarding the fiscal data memory 38. The BIOS of the program memory 52 then writes the data and the address to which the data is to be written to the write-protection circuit 36 at step 204. The BIOS is programmed to only attempt to write non-blank values (i.e. anything other than 0xFF) to the fiscal data memory 38 so that actual bytes of data are not mistaken for unprogrammed memory cells. At step 208, the write-protection circuit 36 then performs a read cycle for reading the data from the fiscal data memory 38 at the specified addresses. The write-protection circuit 36 then determines whether the entire destination memory block to be written to is blank (i.e. each cell has a value of 0xFF), and thus unprogrammed, at step 212. If any part of the block is not blank, the programming operation is halted, and an error status is returned by the BIOS to the application at step 216. If the destination memory block specified by the BIOS is unprogrammed, then an address is written into the address latch 66 and data is written into the data latch 64 at step 220. Next, the byte of data at the specified address is read from the fiscal data memory 38 into the data comparator 68 at step 224. If the comparator 68 detects any value other than 0xFF at step 228, then the voltage required for programming the fiscal data memory 38, Vpp, is not applied to the fiscal data memory 38 and the write-protection circuit reports a failure status at step 216 and the write process terminates. The sequence must then be restarted at step 204 by the BIOS to attempt writing to another cell. If, however, the data comparator 68 finds that the byte is equal to 0xFF (a blank) at step 228, the memory cell is considered unprogrammed and the data and address latches 58 and 60 are locked and therefore unalterable at step 232. At this point, the Vpp enable latch 70 signals Vpp switch 56 to permit the programming voltage Vpp to be applied to the fiscal data memory 26 at step 236. The memory cell in fiscal data memory 38 corresponding to the address is then programmed with the latched data at step 240. If any further data is to be stored by the write-protection circuit at step 244, then the latched address is incremented or decremented and the writing process continues at step 220. Once all of the data has been written to the fiscal data memory 38, the process is complete. The complete block of data is provided in the RAM 50 to the BIOS by the application, along with byte count and fiscal memory write address. Upon successful completion of the write operation to the fiscal data memory 38, the data in the RAM 50 may be discarded.
When data is to be read from the fiscal data memory 38, the address is written to the address latch 66 in the write-protection circuit 36. A value of 0xFF is written into the data latch 64 in the write-protection circuit 36 to indicate that a read operation is to occur. Data at the specified address in fiscal data memory 38 may then be read. To increase access speed for sequential reading of the fiscal data memory 38, the write-protection circuit 36 automatically increments or decrements the address for each successive read operation, using a counter in address latch 66. This feature is disabled during programming of the fiscal data memory 38.
In order to better illustrate the physical security features of the invention, the assembly of the fiscal data recorder 10 and its installation in the printer 12 will now be described with reference to
Once the fiscal memory module 30 has been secured to the chassis 100, the chassis 100 is ready to receive the main circuit board 20. In preparation, first the EPROM 52 is placed into its socket and tested, and a sealing label, as possibly required by the taxing authority, is placed over the EPROM 52, securing it to the main board 20, if the EPROM 52 is deemed satisfactory for use. The sealing label is designed to tear upon attempted removal of the EPROM 52 from the main board 20. The EPROM program memory 52 can be removed by an authorized tax authority representative and tested for unauthorized alterations to the firmware residing on it.
The main circuit board 20 is then placed into the chassis 100, as shown in
Once the electronic journal module 60 is ready to be installed into the chassis 100, it is placed atop the second set of four spacers 144 and secured thereto via four fastening screws 148, as shown in
The printer 12 is also shown having a customer display interface connector 192 and a cash drawer interface connector 196 for connecting optional components to the printer 12.
The fiscal data stored on the fiscal memory module 30 can be read through software executing on the host device 14 accessed by a taxing authority. When, however, the taxing authority wishes to audit the data collected by the fiscal data recorder 10, the tax authority can verify the integrity of the fiscal data contained in the fiscal memory module 30 by performing a number of steps. First, the seal on the exterior of the fiscal data recorder 10 is visually inspected to verify that it is intact and unbroken. Where the seal on the housing of the fiscal data recorder 10 is intact, the auditor can deem the data to have integrity. Further, the EPROM program memory can be detached from the main board 20 and tested.
In the present embodiment, the fiscal data memory is of a sufficient size that is not expected to be filled during the expected lifetime of the printer. However, should the fiscal data memory of the fiscal memory module be filled, the taxing authority can open the fiscal data recorder 10 to physically remove the fiscal memory module 30 and replace it with a fresh, unprogrammed memory module. This process may be controlled or restricted by the tax authorities.
The above-described invention allows a taxing authority to verify the integrity of the data collected via the fiscal data recorder 10. As the removable fiscal memory module 30 can only be populated with data via the BIOS of the program memory 52, as the integrity of the BIOS firmware of the program memory 52 can be verified by testing, and as each critical component is sealed to the main board 20, tampering with the fiscal data collected by the removable fiscal memory module 30 is effectively inhibited.
Although a preferred embodiment of the present invention has been described in detail, those of skill in the art will appreciate that variants may be made.
For instance, the memory capacities described herein having regard to the program memory, RAM and fiscal data memory may be increased or decreased to suit the particular environment.
Furthermore, though an OTP-EPROM has been shown as the preferred choice for the fiscal data memory, any type of memory that retains data without the application of power, and that may be programmed with data only under the application of power, could be used.
The write-protection circuit, though implemented in the preferred embodiment on a CPLD, could be implemented using different hardware technologies.
Although a preferred embodiment of the present invention has been described, those of skill in the art will appreciate that variations and modifications may be made without departing from the spirit and scope thereof as defined by the appended claims.
|Cited Patent||Filing date||Publication date||Applicant||Title|
|US4144567||May 26, 1977||Mar 13, 1979||Tokyo Electric Co., Ltd.||Electronic cash register|
|US4258430||Dec 8, 1978||Mar 24, 1981||Tyburski Robert M||Information collection and storage system with removable memory|
|US5396417||Nov 1, 1991||Mar 7, 1995||Capitol Cities/Abc, Inc.||Product distribution equipment and method|
|US5521876||Feb 21, 1995||May 28, 1996||Fujitsu Limited||FIFO memory device capable of writing contiguous data into rows|
|US5644724||Sep 28, 1994||Jul 1, 1997||Cretzler; Donald J.||Point-of-sale tax collection system and method of using same|
|US5774872||Sep 23, 1996||Jun 30, 1998||Richard Golden||Automated taxable transaction reporting/collection system|
|US5799283||May 10, 1995||Aug 25, 1998||Francisco; Paul A.||Point of sale governmental sales and use tax reporting and receipt system|
|US5862147||Apr 21, 1997||Jan 19, 1999||Nec Corporation||Semiconductor device on semiconductor wafer having simple wirings for test and capable of being tested in a short time|
|US5875433||Oct 7, 1996||Feb 23, 1999||Taxnet Systems, Inc.||Point of sale tax reporting and automatic collection system with tax register|
|US5912849||Aug 28, 1998||Jun 15, 1999||Hitachi, Ltd.||Write Protection for a non-volatile memory|
|US5933595||Jun 20, 1997||Aug 3, 1999||Sharp Kabushiki Kaisha||Computer apparatus having electrically rewritable nonvolatile memory, and nonvolatile semiconductor memory|
|US6032237||Jun 19, 1998||Feb 29, 2000||Hitachi Ltd.||Non-volatile memory, memory card and information processing apparatus using the same and method for software write protect control of non-volatile memory|
|US6078899||Aug 25, 1998||Jun 20, 2000||Francisco; Paul A.||Point of sale tax reporting and automatic collection system with tax register|
|US6199049||Sep 30, 1998||Mar 6, 2001||International Business Machines Corporation||Verifiable electronic journal for a point of sale device and methods for using the same|
|US6215717||Sep 28, 1998||Apr 10, 2001||Fujitsu Limited||Semiconductor memory device for reducing a time needed for performing a protecting operation|
|US6330648||May 28, 1996||Dec 11, 2001||Mark L. Wambach||Computer memory with anti-virus and anti-overwrite protection apparatus|
|US6360208||Feb 4, 1999||Mar 19, 2002||Intermec Ip Corp.||Method and apparatus for automatic tax verification|
|US6415341||Jan 29, 1999||Jul 2, 2002||Tekserve Pos, Llc||Point-of-sale terminal adapter|
|US6501558||Aug 5, 1999||Dec 31, 2002||Seiko Epson Corporation||Data separating interface apparatus and method|
|US6611904||May 2, 2000||Aug 26, 2003||Stmicroelectronics S.A.||Memory access address comparison|
|US6646565||Jun 1, 2000||Nov 11, 2003||Hewlett-Packard Development Company, L.P.||Point of sale (POS) terminal security system|
|US6675281||Jan 22, 2002||Jan 6, 2004||Icreate Technologies Corporation||Distributed mapping scheme for mass storage system|
|US20020018130||Jan 11, 2001||Feb 14, 2002||Kazunori Suemoto||Apparatus for capturing image, its method of recording data, and recording medium|
|US20030019770||Jul 19, 2002||Jan 30, 2003||Hodes Mark Brent||Method & apparatus for point of sale generated access to remote file|
|US20050259484||May 19, 2004||Nov 24, 2005||Newell Russell D||Systems and methods for write protection of non-volatile memory devices|
|CN1166006A||May 17, 1996||Nov 26, 1997||陈伯宁||Electronic accounts transfering device and processing method thereof|
|DE4437460A1||Oct 19, 1994||Apr 25, 1996||Siemens Nixdorf Inf Syst||Journalspeicher|
|EP0180978B1||Nov 6, 1985||Oct 14, 1992||Sharp Kabushiki Kaisha||Electronic cash register|
|JP11283125A||Title not available|
|JP2000011257A||Title not available|
|JP2000076030A||Title not available|
|JPH086865A||Title not available|
|JPH07249177A||Title not available|
|JPH11283125A||Title not available|
|LV12636A||Title not available|
|WO1999066465A1||Jun 9, 1999||Dec 23, 1999||Zpm - Indústria, Comércio, Importação, Exportação E Representações Ltda.||Disposition in fiscal printer|
|Citing Patent||Filing date||Publication date||Applicant||Title|
|US8339632 *||Dec 1, 2009||Dec 25, 2012||Seiko Epson Corporation||Fiscal printer|
|US8831982 *||Jan 7, 2011||Sep 9, 2014||Seiko Epson Corporation||Fiscal board receiving case and fiscal printer|
|US20100134821 *||Dec 1, 2009||Jun 3, 2010||Seiko Epson Corporation||Fiscal Printer|
|US20110145658 *||Dec 14, 2010||Jun 16, 2011||Seiko Epson Corporation||Electronic apparatus and method of controlling electronic apparatus|
|US20110169385 *||Jul 14, 2011||Seiko Epson Corporation||Fiscal board receiving case and fiscal printer|
|U.S. Classification||713/194, 705/16, 711/163, 705/19, 235/2, 705/64, 726/34|
|International Classification||G06Q20/20, G06Q40/00, G06Q20/38, G06Q20/34, G06F12/00, G07G1/12, G07F7/10|
|Cooperative Classification||G07F7/082, G07G1/12, G06Q20/207, G06Q20/20, G07F7/1008, G06Q20/382, G07G5/00, G06Q40/123, G06Q20/341|
|European Classification||G07F7/10D, G07G5/00, G07G1/12, G07F7/08A2B, G06Q20/20, G06Q20/207, G06Q20/341, G06Q40/103, G06Q20/382|